summaryrefslogtreecommitdiff
path: root/daemon/bd.c
diff options
context:
space:
mode:
Diffstat (limited to 'daemon/bd.c')
-rw-r--r--daemon/bd.c171
1 files changed, 84 insertions, 87 deletions
diff --git a/daemon/bd.c b/daemon/bd.c
index 916c453..6cd7b6b 100644
--- a/daemon/bd.c
+++ b/daemon/bd.c
@@ -25,8 +25,8 @@ static unsigned char g_digest_secret[DIGEST_SECRET_LEN];
static void free_hash_object(void* arg, void* val)
{
- if(val && val != BASIC_ESTABLISHED)
- free(val);
+ if(val && val != BASIC_ESTABLISHED)
+ free(val);
}
static digest_record_t* get_cached_digest(bd_context_t* ctx, ha_context_t* c,
@@ -92,7 +92,7 @@ static int save_cached_digest(bd_context_t* ctx, ha_context_t* c,
if(!r)
{
- ha_messagex(LOG_CRIT, "out of memory");
+ ha_messagex(NULL, LOG_CRIT, "out of memory");
return HA_CRITERROR;
}
@@ -120,22 +120,21 @@ static int add_cached_basic(bd_context_t* ctx, ha_context_t* c,
if(!r)
{
- ha_messagex(LOG_CRIT, "out of memory");
+ ha_messagex(NULL, LOG_CRIT, "out of memory");
return HA_CRITERROR;
}
return HA_OK;
}
-static int do_basic_response(bd_context_t* ctx, const char* header,
- const ha_request_t* req, ha_response_t* resp)
+static int do_basic_response(ha_request_t* rq, bd_context_t* ctx, const char* header)
{
basic_header_t basic;
int ret = HA_FALSE;
- ASSERT(header && resp && req);
+ ASSERT(header && rq);
- if((ret = basic_parse(header, req->buf, &basic)) < 0)
+ if((ret = basic_parse(header, rq->buf, &basic)) < 0)
return ret;
/* Past this point we don't return directly */
@@ -143,7 +142,7 @@ static int do_basic_response(bd_context_t* ctx, const char* header,
/* Check and see if this connection is in the cache */
if(have_cached_basic(ctx, basic.key))
{
- ha_messagex(LOG_NOTICE, "bd: validated basic user against cache: %s",
+ ha_messagex(rq, LOG_NOTICE, "validated basic user against cache: %s",
basic.user);
ret = HA_OK;
goto finally;
@@ -153,42 +152,41 @@ static int do_basic_response(bd_context_t* ctx, const char* header,
if(!basic.user || !basic.user[0] ||
!basic.password || !basic.password[0])
{
- ha_messagex(LOG_NOTICE, "bd: no valid basic auth info");
+ ha_messagex(rq, LOG_NOTICE, "no valid basic auth info");
ret = HA_FALSE;
goto finally;
}
ASSERT(ctx->f_validate_basic);
- ret = ctx->f_validate_basic(req, basic.user, basic.password);
+ ret = ctx->f_validate_basic(rq, basic.user, basic.password);
finally:
if(ret == HA_OK)
{
- resp->code = HA_SERVER_OK;
- resp->detail = basic.user;
+ rq->resp_code = HA_SERVER_OK;
+ rq->resp_detail = basic.user;
/* We put this connection into the successful connections */
- ret = add_cached_basic(ctx, req->context, basic.key);
+ ret = add_cached_basic(ctx, rq->context, basic.key);
}
return ret;
}
-static int do_digest_challenge(bd_context_t* ctx, const ha_request_t* req,
- ha_response_t* resp, int stale)
+static int do_digest_challenge(ha_request_t* rq, bd_context_t* ctx, int stale)
{
unsigned char nonce[DIGEST_NONCE_LEN];
const char* nonce_str;
const char* header;
- ASSERT(ctx && resp && req);
+ ASSERT(ctx && rq);
#ifdef _DEBUG
- if(req->context->digest_debugnonce)
+ if(rq->context->digest_debugnonce)
{
- nonce_str = req->context->digest_debugnonce;
- ha_messagex(LOG_WARNING, "bd: using debug nonce. security non-existant.");
+ nonce_str = rq->context->digest_debugnonce;
+ ha_messagex(rq, LOG_WARNING, "using debug nonce. security non-existant.");
}
else
#endif
@@ -196,28 +194,27 @@ static int do_digest_challenge(bd_context_t* ctx, const ha_request_t* req,
unsigned char nonce[DIGEST_NONCE_LEN];
digest_makenonce(nonce, g_digest_secret, NULL);
- nonce_str = ha_bufenchex(req->buf, nonce, DIGEST_NONCE_LEN);
+ nonce_str = ha_bufenchex(rq->buf, nonce, DIGEST_NONCE_LEN);
if(!nonce_str)
- return HA_CRITERROR;
+ return HA_CRITERROR;
}
/* Now generate a message to send */
- header = digest_challenge(req->buf, nonce_str, req->context->realm,
- req->digest_domain, stale);
+ header = digest_challenge(rq->buf, nonce_str, rq->context->realm,
+ rq->digest_domain, stale);
if(!header)
return HA_CRITERROR;
/* And append it nicely */
- resp->code = HA_SERVER_DECLINE;
- ha_addheader(resp, "WWW-Authenticate", header);
+ rq->resp_code = HA_SERVER_DECLINE;
+ ha_addheader(rq, "WWW-Authenticate", header);
- ha_messagex(LOG_DEBUG, "bd: created digest challenge with nonce: %s", nonce_str);
+ ha_messagex(rq, LOG_DEBUG, "created digest challenge with nonce: %s", nonce_str);
return HA_OK;
}
-static int do_digest_response(bd_context_t* ctx, const char* header,
- const ha_request_t* req, ha_response_t* resp)
+static int do_digest_response(ha_request_t* rq, bd_context_t* ctx, const char* header)
{
unsigned char nonce[DIGEST_NONCE_LEN];
digest_header_t dg;
@@ -228,26 +225,26 @@ static int do_digest_response(bd_context_t* ctx, const char* header,
int stale = 0;
int r;
- ASSERT(ctx && header && req && resp);
+ ASSERT(ctx && header && rq);
/* We use this below to send a default response */
- resp->code = -1;
+ rq->resp_code = -1;
- if((r = digest_parse(header, req->buf, &dg, nonce)) < 0)
+ if((r = digest_parse(header, rq->buf, &dg, nonce)) < 0)
return r;
#ifdef _DEBUG
- if(req->context->digest_debugnonce)
+ if(rq->context->digest_debugnonce)
{
- if(dg.nonce && strcmp(dg.nonce, req->context->digest_debugnonce) != 0)
+ if(dg.nonce && strcmp(dg.nonce, rq->context->digest_debugnonce) != 0)
{
ret = HA_FALSE;
- ha_messagex(LOG_WARNING, "bd: digest response contains invalid nonce");
+ ha_messagex(rq, LOG_WARNING, "digest response contains invalid nonce");
goto finally;
}
/* Do a rough hash into the real nonce, for use as a key */
- md5_string(nonce, req->context->digest_debugnonce);
+ md5_string(nonce, rq->context->digest_debugnonce);
/* Debug nonce's never expire */
expiry = time(NULL);
@@ -259,18 +256,18 @@ static int do_digest_response(bd_context_t* ctx, const char* header,
if(r != HA_OK)
{
if(r == HA_FALSE)
- ha_messagex(LOG_WARNING, "bd: digest response contains invalid nonce");
+ ha_messagex(rq, LOG_WARNING, "digest response contains invalid nonce");
goto finally;
}
}
- rec = get_cached_digest(ctx, req->context, nonce);
+ rec = get_cached_digest(ctx, rq->context, nonce);
/* Check to see if we're stale */
- if((expiry + req->context->cache_timeout) <= time(NULL))
+ if((expiry + rq->context->cache_timeout) <= time(NULL))
{
- ha_messagex(LOG_INFO, "bd: nonce expired, sending stale challenge: %s",
+ ha_messagex(rq, LOG_INFO, "nonce expired, sending stale challenge: %s",
dg.username);
stale = 1;
@@ -279,7 +276,7 @@ static int do_digest_response(bd_context_t* ctx, const char* header,
if(!rec)
{
- ha_messagex(LOG_INFO, "bd: no record in cache, creating one: %s", dg.username);
+ ha_messagex(rq, LOG_INFO, "no record in cache, creating one: %s", dg.username);
/*
* If we're valid but don't have a record in the
@@ -294,7 +291,7 @@ static int do_digest_response(bd_context_t* ctx, const char* header,
}
ASSERT(ctx->f_complete_digest);
- r = ctx->f_complete_digest(req, dg.username, rec->ha1);
+ r = ctx->f_complete_digest(rq, dg.username, rec->ha1);
if(r != HA_OK)
{
ret = r;
@@ -308,32 +305,32 @@ static int do_digest_response(bd_context_t* ctx, const char* header,
rec->nc++;
}
- ret = digest_check(&dg, rec, req->context, req->buf,
- req->args[AUTH_ARG_METHOD], req->args[AUTH_ARG_URI]);
+ ret = digest_check(&dg, rec, rq->context, rq->buf,
+ rq->req_args[AUTH_ARG_METHOD], rq->req_args[AUTH_ARG_URI]);
if(ret == HA_BADREQ)
{
ret = HA_FALSE;
- resp->code = HA_SERVER_BADREQ;
+ rq->resp_code = HA_SERVER_BADREQ;
}
else if(ret == HA_OK)
{
- resp->code = HA_SERVER_OK;
- resp->detail = dg.username;
+ rq->resp_code = HA_SERVER_OK;
+ rq->resp_detail = dg.username;
/* Figure out if we need a new nonce */
- if((expiry + (req->context->cache_timeout -
- (req->context->cache_timeout / 8))) < time(NULL))
+ if((expiry + (rq->context->cache_timeout -
+ (rq->context->cache_timeout / 8))) < time(NULL))
{
- ha_messagex(LOG_INFO, "bd: nonce almost expired, creating new one: %s",
+ ha_messagex(rq, LOG_INFO, "nonce almost expired, creating new one: %s",
dg.username);
digest_makenonce(nonce, g_digest_secret, NULL);
stale = 1;
}
- t = digest_respond(req->buf, &dg, rec, stale ? nonce : NULL);
+ t = digest_respond(rq->buf, &dg, rec, stale ? nonce : NULL);
if(!t)
{
ret = HA_CRITERROR;
@@ -341,12 +338,12 @@ static int do_digest_response(bd_context_t* ctx, const char* header,
}
if(t[0])
- ha_addheader(resp, "Authentication-Info", t);
+ ha_addheader(rq, "Authentication-Info", t);
- ha_messagex(LOG_NOTICE, "bd: validated digest user: %s", dg.username);
+ ha_messagex(rq, LOG_NOTICE, "validated digest user: %s", dg.username);
/* Put the connection into the cache */
- if((r = save_cached_digest(ctx, req->context, rec)) < 0)
+ if((r = save_cached_digest(ctx, rq->context, rec)) < 0)
ret = r;
rec = NULL;
@@ -359,8 +356,8 @@ finally:
free(rec);
/* If nobody above responded then challenge the client again */
- if(resp->code == -1)
- return do_digest_challenge(ctx, req, resp, stale);
+ if(rq->resp_code == -1)
+ return do_digest_challenge(rq, ctx, stale);
return ret;
}
@@ -375,7 +372,7 @@ int bd_init(ha_context_t* context)
/* Global initialization */
if(!context)
{
- ha_messagex(LOG_DEBUG, "bd: generating secret");
+ ha_messagex(NULL, LOG_DEBUG, "generating secret");
return ha_genrandom(g_digest_secret, DIGEST_SECRET_LEN);
}
@@ -390,15 +387,15 @@ int bd_init(ha_context_t* context)
/* Make sure there are some types of authentication we can do */
if(!(context->allowed_types & (HA_TYPE_BASIC | HA_TYPE_DIGEST)))
{
- ha_messagex(LOG_ERR, "bd: module configured, but does not implement any "
- "configured authentication type.");
+ ha_messagex(NULL, LOG_ERR, "module configured, but does not implement any "
+ "configured authentication type.");
return HA_FAILED;
}
/* The cache for digest records and basic */
if(!(ctx->cache = hsh_create(MD5_LEN)))
{
- ha_messagex(LOG_CRIT, "out of memory");
+ ha_messagex(NULL, LOG_CRIT, "out of memory");
return HA_CRITERROR;
}
@@ -406,7 +403,7 @@ int bd_init(ha_context_t* context)
htc.arg = NULL;
hsh_set_table_calls(ctx->cache, &htc);
- ha_messagex(LOG_INFO, "ldap: initialized handler");
+ ha_messagex(NULL, LOG_INFO, "initialized handler");
}
return HA_OK;
@@ -428,54 +425,54 @@ void bd_destroy(ha_context_t* context)
if(ctx->cache)
hsh_free(ctx->cache);
- ha_messagex(LOG_INFO, "bd: uninitialized handler");
+ ha_messagex(NULL, LOG_INFO, "uninitialized handler");
}
-int bd_process(const ha_request_t* req, ha_response_t* resp)
+int bd_process(ha_request_t* rq)
{
- bd_context_t* ctx = (bd_context_t*)req->context->ctx_data;
+ bd_context_t* ctx = (bd_context_t*)rq->context->ctx_data;
time_t t = time(NULL);
const char* header = NULL;
int ret, r;
- ASSERT(req && resp);
- ASSERT(req->args[AUTH_ARG_METHOD]);
- ASSERT(req->args[AUTH_ARG_URI]);
+ ASSERT(rq);
+ ASSERT(rq->req_args[AUTH_ARG_METHOD]);
+ ASSERT(rq->req_args[AUTH_ARG_URI]);
ha_lock(NULL);
/* Purge out stale connection stuff. */
- r = hsh_purge(ctx->cache, t - req->context->cache_timeout);
+ r = hsh_purge(ctx->cache, t - rq->context->cache_timeout);
ha_unlock(NULL);
if(r > 0)
- ha_messagex(LOG_DEBUG, "ldap: purged cache records: %d", r);
+ ha_messagex(rq, LOG_DEBUG, "purged cache records: %d", r);
/* We use this below to detect whether to send a default response */
- resp->code = -1;
+ rq->resp_code = -1;
/* Check the headers and see if we got a response thingy */
- if(req->context->allowed_types & HA_TYPE_DIGEST)
+ if(rq->context->allowed_types & HA_TYPE_DIGEST)
{
- header = ha_getheader(req, "Authorization", HA_PREFIX_DIGEST);
+ header = ha_getheader(rq, "Authorization", HA_PREFIX_DIGEST);
if(header)
{
- ha_messagex(LOG_DEBUG, "ldap: processing digest auth header");
- ret = do_digest_response(ctx, header, req, resp);
+ ha_messagex(rq, LOG_DEBUG, "processing digest auth header");
+ ret = do_digest_response(rq, ctx, header);
if(ret < 0)
return ret;
}
}
/* Or a basic authentication */
- if(!header && req->context->allowed_types & HA_TYPE_BASIC)
+ if(!header && rq->context->allowed_types & HA_TYPE_BASIC)
{
- header = ha_getheader(req, "Authorization", HA_PREFIX_BASIC);
+ header = ha_getheader(rq, "Authorization", HA_PREFIX_BASIC);
if(header)
{
- ha_messagex(LOG_DEBUG, "bd: processing basic auth header");
- ret = do_basic_response(ctx, header, req, resp);
+ ha_messagex(rq, LOG_DEBUG, "processing basic auth header");
+ ret = do_basic_response(rq, ctx, header);
if(ret < 0)
return ret;
}
@@ -483,24 +480,24 @@ int bd_process(const ha_request_t* req, ha_response_t* resp)
/* Send a default response if that's what we need */
- if(resp->code == -1)
+ if(rq->resp_code == -1)
{
- resp->code = HA_SERVER_DECLINE;
+ rq->resp_code = HA_SERVER_DECLINE;
- if(req->context->allowed_types & HA_TYPE_BASIC)
+ if(rq->context->allowed_types & HA_TYPE_BASIC)
{
- ha_bufmcat(req->buf, "BASIC realm=\"", req->context->realm , "\"", NULL);
+ ha_bufmcat(rq->buf, "BASIC realm=\"", rq->context->realm , "\"", NULL);
- if(ha_buferr(req->buf))
+ if(ha_buferr(rq->buf))
return HA_CRITERROR;
- ha_addheader(resp, "WWW-Authenticate", ha_bufdata(req->buf));
- ha_messagex(LOG_DEBUG, "bd: sent basic auth request");
+ ha_addheader(rq, "WWW-Authenticate", ha_bufdata(rq->buf));
+ ha_messagex(rq, LOG_DEBUG, "sent basic auth request");
}
- if(req->context->allowed_types & HA_TYPE_DIGEST)
+ if(rq->context->allowed_types & HA_TYPE_DIGEST)
{
- ret = do_digest_challenge(ctx, req, resp, 0);
+ ret = do_digest_challenge(rq, ctx, 0);
if(ret < 0)
return ret;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 22:24:12 +0000